[Jmap] questions/comments on draft-ietf-jmap-webpush-vapid-01
Jim Fenton <fenton@bluepopcorn.net> Sat, 06 April 2024 20:55 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88DE1C14F60F for <jmap@ietfa.amsl.com>; Sat, 6 Apr 2024 13:55:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNRdRl42NfgO for <jmap@ietfa.amsl.com>; Sat, 6 Apr 2024 13:55:44 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D799C14F601 for <jmap@ietf.org>; Sat, 6 Apr 2024 13:55:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bluepopcorn.net; s=supersize; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=a3/MgUsBI/tJa9m4rzB+40f655wjuzyGwIl85WFBx4k=; b=eD3Nd3rP5mcYxJlf26kN7wrGxV 8wzyJksUJ5gx1XoNeRYhdKLv3Dk2/1IO2dZfneacOx4laPCGvxp76BtorryGZieY184oO3hH3WMr0 xxcWNQeWHPBYEtSmPR4m9wUYTQcPjhFsPvMsa9krWGFAE2NVqNOXrR6ZRBx6d6Kpr+HU=;
Received: from [2601:647:6801:6430:b524:882c:6956:d6b8] (helo=[10.10.20.233]) by v2.bluepopcorn.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fenton@bluepopcorn.net>) id 1rtD4W-0008KX-Ep; Sat, 06 Apr 2024 13:55:42 -0700
From: Jim Fenton <fenton@bluepopcorn.net>
To: Daniel Gultsch <daniel@gultsch.de>, IETF JMAP Mailing List <jmap@ietf.org>
Date: Sat, 06 Apr 2024 13:55:39 -0700
X-Mailer: MailMate (1.14r5852)
Message-ID: <EAD39284-16CF-4E5B-B8DB-200475FC4104@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; markup="markdown"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/sBjZ7zE7Nqq6xs8cyOXkPCrVQSE>
Subject: [Jmap] questions/comments on draft-ietf-jmap-webpush-vapid-01
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2024 20:55:48 -0000
I’m unfortunately not familiar with webpush at all, but I read through this draft and one thing stuck out. In Section 3, the applicationServerKey was described as a P-256 public key, which made me ask myself, “what about algorithm agility?” It also said that the public key was encoded in URL-safe base64 [RFC4648]. I went over to RFC 8292 (VAPID for Web Push), and there the public key parameter seems to be in the form of a JSON Web Key (JWK) [RFC 7517]. There the key type and curve (for elliptical) seems to be specified along with the public key. That would answer my concern about algorithm agility, and it probably also makes security sense to ensure the key is only used with the intended algorithm. Should the applicationServerKey instead be specified to be a (probably base64 encoded) JWK? Also, is there any provision for key rollover, for example allowing either of two keys to be used during the transition between one signing key and another? Or is that not needed for some reason? -Jim (as participant)